When President Trump issued his May 11 executive order creating the Presidential Advisory Commission on Election Integrity, the move was hailed by some as an important step toward reducing the risk of voter fraud in American elections. Other commentators, pointing to the absence of documented voter fraud beyond a few isolated cases, considered the new Commission to represent little more than a tool for promoting stricter voter registration requirements that would disproportionately affect younger voters, low-income voters, naturalized voters, and voters of color.

Barely two months after its creation, the Commission finds itself embroiled in controversy on multiple fronts. Practically none of the states requested to provide comprehensive voter information to the Commission have done so by the original July 14 deadline, and at least six legal or administrative complaints have been filed to challenge the Commission’s creation and functions.

On July 10, the Commission administrator asked states not to provide the requested data until a United States District Court rules on a motion for temporary relief based on the Commission’s alleged violations of the E-Government Act of 2002, which requires federal agencies to conduct a Privacy Impact Assessment for any data systems that contain personally identifiable information. The motion was filed by the Electronic Privacy Information Center (EPIC) on July 3.

In the previous week, Commission Vice-Chair Kris Kobach requested that the secretaries of state for each state and the District of Columbia provide the following information with respect to each registered voter in each jurisdiction:

Full name

Address

Dates of birth

Political party

Last four digits of Social Security numbers

A list of the elections voted in since 2006

Felony convictions

Voter registration information from other states

Military status

Whether voters lived overseas

EPIC’s motion for temporary relief argued that release of this voter information would “increase the risks to the privacy of millions of registered voters—including in particular military families whose home addresses would be revealed—and would undermine the integrity of the federal election system. Further, the request for partial Social Security Numbers that are often used as default passwords for commercial services, coupled with the Commission’s plan to make such information ‘publicly available,’ is both without precedent and crazy.”

The requested individual voter data was to have been sent by the states to the U.S. Army’s SAFE website, which in turn was to have forwarded the data to White House servers. The Army itself is a defendant in a recent lawsuit filed by Public Citizen, Inc., which alleges that using the Army website for the Commission’s work violates the Administrative Practices Act and the Privacy Act of 1974.

It’s unclear why the Commission started its work with this blanket request for individualized voter information data. The request appears to be outside the scope of the stated purpose of the Commission to (1) identify laws and practices that strengthen public confidence in federal voting procedures, (2) identify laws and practices that undermine confidence in such procedures, and (3) identify the vulnerabilities that could lead to improper or fraudulent registration and voting in federal elections. Once the Commission delivers its report to the President on these three points, its work will be complete and it will dissolve.

In the near term, however, the Commission’s activities are likely to be bogged down in litigation and noncooperation from state election officials. It remains to be seen whether the Commission on Election Integrity will backtrack and demonstrate its compliance with the Privacy Act, the E-Government Act, the Federal Advisory Commissions Act, and the Administrative Procedures Act before renewing or refining its request for sensitive individual voter data.